1738 matches found
CVE-2017-12789
MetInfo 5.3.18 is affected by Cross-Site Request Forgery (CSRF) in the admin/interface/online/delete.php component. The vulnerability enables Information Disclosure (remote) when an administrator clicks a malicious link while logged in. This is consistently described across multiple sources (NVD ...
CVE-2017-12788
Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allow remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter...
CVE-2019-11508
In Pulse Secure Pulse Connect Secure (PCS) before 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an authenticated attacker via the admin web interface can exploit Directory Traversal to execute arbitrary code on the appliance...
PT-2019-12342 · Pulse Secure · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Secure Pulse Connect Secure (PCS) versions 8.1R15.0 and earlier; Pulse Secure Pulse Connect Secure (PCS) versions 8.2R12.0 and earlier; Pulse Secure Pulse Connect Secure (PCS) versions 8.3R7.0 and earlier; Pulse Secure Pulse Connect Secure (PCS)...
Multiple vulnerabilities in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller software allow a malicious individual to cause service failures.
Multiple vulnerabilities exist in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller microprogramming system. These vulnerabilities arise due to insufficient validation of input data. Exploitation of these vulnerabilities could allow a malicious...
Stack overflow
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an...
CVE-2019-11542
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an...
Command injection
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin...
CVE-2019-11539
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin...
CVE-2019-11542
CVE-2019-11542 describes a stack buffer overflow in Pulse Connect Secure / Pulse Policy Secure triggered by an authenticated attacker via the admin web interface by sending a specially crafted message. The issue is one of a family of vulnerabilities disclosed in Pulse Secure advisories (SA44101) ...
CVE-2019-11539
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin...
PT-2019-6319 · Pulse · Pulse Policy Secure +1
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions 9.0RX prior to 9.0R3.4; Pulse Connect Secure versions 8.3RX prior to 8.3R7.1; Pulse Connect Secure versions 8.2RX prior to 8.2R12.1; Pulse Connect Secure versions 8.1RX prior to 8.1R15.1; Pulse Policy Secure versions...
PT-2019-19294 · Tibco Software · Tibco Activematrix Policy Director +6
Name of the Vulnerable Software and Affected Versions: TIBCO ActiveMatrix BPM versions prior to 4.2.1; TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions prior to 4.2.1; TIBCO ActiveMatrix Policy Director versions prior to 1.1.1; TIBCO ActiveMatrix Service Bus versions prior to 3.3...
Cross site scripting
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...
CVE-2019-3915
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway G1100 firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface...
CVE-2019-9660
Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter...
OFCMS Backend Arbitrary File Write Vulnerability
OFCMS is a content management system based on Java technology. OFCMS versions before 1.1.3 have a backend arbitrary file write vulnerability. An attacker can exploit this vulnerability by traversing the admin/cms/template/getTemplates.html?respath=res directory to write arbitrary content in the...
CVE-2019-9608
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider (for example) file.jsp::$DATA to the admin/ueditor/uploadImage URI...
Stored XSS Vulnerability in DOYO Administrator Interface
DOYO doyocms is a PHP-based open source content management system (CMS). A cross-site scripting vulnerability exists in the admin.php backend in DOYO version 2.3 through 2015-05-06. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
A vulnerability in the administrative web interface of the Cisco Identity Services Engine allows an attacker to escalate their privileges.
The vulnerability in the administrative web interface of the Cisco Identity Services Engine stems from deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to escalate their privileges through specially crafted HTTP requests...